OpenVZ Forum: Support » Side effects of enabling CAP_SYS

Home » General » Support » Side effects of enabling CAP_SYS_TIME inside VE

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Side effects of enabling CAP_SYS_TIME inside VE [message #20364]

Mon, 17 September 2007 11:08

piavlo
Messages: 159
Registered: January 2007

Senior Member

Hi,
I get a strange behaviour inside VE then i enable CAP_SYS_TIME
for a specific VE with "vzctl set <VEID> --capability sys_time:on"

Then CAP_SYS_TIME is disabled inside VE and i try to run ntpd
with -u ntp:ntp to drop root privileges, ntpd fails to start with error message:
ntpd[8176]: cap_set_proc() failed to drop root privileges: Operation not permitted

Then i enable the CAP_SYS_TIME inside the VE so that ntpd
could change system time, the side effect is that ntpd
also succeedes to drop root privileges and runs as ntp user.

Why is this so? Why enabling CAP_SYS_TIME also allows dropping root privileges?

Thanks
Alex

[Updated on: Mon, 17 September 2007 11:08]

Report message to a moderator

[Message index]

		Side effects of enabling CAP_SYS_TIME inside VE By: piavlo on Mon, 17 September 2007 11:08
		Re: Side effects of enabling CAP_SYS_TIME inside VE By: piavlo on Thu, 20 September 2007 08:49
		Re: Side effects of enabling CAP_SYS_TIME inside VE By: vaverin on Thu, 20 September 2007 13:07

Previous Topic:	deriving a configuration from the example configs
Next Topic:	setting ACPI sleep support working

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Sep 14 06:25:21 GMT 2024

Total time taken to generate the page: 0.04391 seconds